Closed tinchoa closed 4 years ago
I've looked at the pcap file, the crash happens at the very 1st packet - it's just 4 bytes, clearly not a valid Ethernet packet. The pcap file is likely truncated at the start. After skipping the 1st packet dpkt processes the rest of the file just fine. You could rewrite the handling loop to be resilient to truncated packets. Dpkt is doing the right thing.. closing.
Hello, I created a simple program to read a pcap file:
The pcap file that I was trying to read is the following: https://mcfp.felk.cvut.cz/publicDatasets/CTU-Normal-20/2017-04-30_win-normal.pcap
And here is the traceback of the error:
Traceback (most recent call last): File "/usr/local/lib/python3.7/dist-packages/dpkt/dpkt.py", line 89, in init self.unpack(args[0]) File "/usr/local/lib/python3.7/dist-packages/dpkt/ethernet.py", line 133, in unpack dpkt.Packet.unpack(self, buf) File "/usr/local/lib/python3.7/dist-packages/dpkt/dpkt.py", line 171, in unpack struct.unpack(self.hdr_fmt, buf[:self.hdr_len])): struct.error: unpack requires a buffer of 14 bytes
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "feature-extractor.py", line 14, in
eth = dpkt.ethernet.Ethernet(data)
File "/usr/local/lib/python3.7/dist-packages/dpkt/ethernet.py", line 79, in init
dpkt.Packet.init(self, *args, **kwargs)
File "/usr/local/lib/python3.7/dist-packages/dpkt/dpkt.py", line 92, in init
raise NeedData
dpkt.dpkt.NeedData
I've tried to modify the unpack function on line 168 of dpkt.py with this code, but it did not work: